8415 matches found
CVE-2018-5136
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox 59...
CVE-2018-5157
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...
CVE-2017-5407
CVE-2017-5407 describes an information-disclosure flaw in SVG filters due to floating-point timing side channels that can leak pixel data and history across origins. Affected products include Mozilla Firefox and Thunderbird versions older than 52 (Firefox ESR older than 45.8; Thunderbird older tha...
chromium-browser: Incorrect escaping of MathML in Blink
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
DEBIAN-CVE-2018-12015
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name...
ALPINE-CVE-2018-12015
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name...
Philips IntelliVue Patient and Avalon Fetal Monitors Information Exposure Vulnerability
Philips IntelliVue Patient Monitors MP2 and others are products of the Dutch company Philips. Philips IntelliVue Patient Monitors MP2 is a patient monitor device of the MP series. The Avalon Fetal/Maternal Monitors FM20 is a maternal/infant monitor. An information exposure...
Unauthorized Access Vulnerability in Multiple Philips Products
Philips IntelliVue Patient Monitors MP2 and others are products of the Dutch company Philips. Philips IntelliVue Patient Monitors MP2 is a patient monitor device of the MP series. The Avalon Fetal/Maternal Monitors FM20 is a maternal/infant monitor. An unauthorized access...
Reading Your Emails With A Read&Write Chrome Extension Same Origin Policy Bypass (~8 Million Users Affected)
Summary: Due to a lack of proper origin checks in the message passing from regular web pages, any arbitrary web page is able to call privileged background page APIs for the Read&Write Chrome extension vulnerable version 1.8.0.139. Many of these APIs allow for dangerous actions which are not meant ...
Mail.ru: DNS Misconfiguration
Your localhost.mail.ru has address 127.0.0.1 and this may lead to "Same-Site" Scripting. Here is a detailed description of this minor security issue by Tavis Ormandy: http://www.securityfocus.com/archive/1/486606/30/0/threaded I can also ping the localhost network from mail.ru, as in the image...
EOS.IO DAWN Denial of Service Vulnerability
EOS.IO DAWN is a smart contract platform based on blockchain technology. The platform is used to deploy decentralized applications. A security vulnerability exists in EOS.IO DAWN version 4.2, which stems from the plugins/netplugin/netplugin.cpp file failing to limit the number of P2P links from t...
CVE-2016-10549
Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests ...
Cross site scripting
Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests ...
CVE-2016-10549
The CVE-2016-10549 issue affects Sails (0.12.7 and earlier) where CORS is misconfigured: the origin header value can be reflected as Access-Control-Allow-Origin. This creates cross-origin risk when allRoutes is true and origin is set to * or left commented. The risk heightens if credentials are n...
CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1126)
According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free in compositor potentially allows code execution CVE-2018-5148 - Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8...
CVE-2018-4943
Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app...